OS Command Injection Vulnerability in Zyxel GS1900 and XGS Series
CVE-2021-35031
6.8MEDIUM
Key Information:
- Vendor
Zyxel
- Vendor
- CVE Published:
- 28 December 2021
What is CVE-2021-35031?
A vulnerability has been identified in the TFTP client of Zyxel GS1900 series, XGS1210 series, and XGS1250 series firmware that allows an authenticated LAN user to execute arbitrary operating system commands through the device's graphical user interface. This flaw could potentially lead to unauthorized access and manipulation of system-level functions, posing significant security risks to the affected network devices.
Affected Version(s)
GS1900 series firmware 2.60
XGS1210 series firmware 1.00(ABTY.4)C0
XGS1250 series firmware 1.00(ABWE.0)C0